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DETAILED ACTION 
Response to Amendment 

1 . This action is in response to the amendment received on March 2, 2007. Claims 

1 , 3-39 are currently being considered. 

Response to Arguments 

2. Applicant's arguments filed on March 2, 2007 have been fully considered but they 
are not persuasive for the following reasons: 

The telephonic interview held on February 21, 2007, focused on paragraph 
[0038] as a possible amendment to overcome the Cited Prior Art (CPA) of record. 
However, the amendment received does not incorporate the elements on 
aforementioned paragraph [0038] into the body of the claim in a way to differentiate the 
claim from the CPA. Paragraph [0038] mentions a key which is stored multiple times, 
and each time the key is encoded using a different one of a possible password data, 
and allows a system which supports multiple methods of logging in to be used by 
encoding the key data in each possible fashion to support each identification method. 
However, the present amendments, do not clearly define these elements, and the terms 
in the claims such as "same security data" and "each user authorization process" must 
be viewed with the broadest reasonable interpretation. Regarding claim 1 , the Applicant 
argues that the CPA does not teach, "different encoded secure data for each user 
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authorization process such that a combination of user authorization using one of said 
user authorization processes and any of said several different data keys allows for 
retrieval and decoding of the same security data." This argument is not found 
persuasive. The CPA, Lockhart et al. (U.S. Patent 6,230,272), teaches that a private 
key (column 5 lines 34-42) or any other sort of security data which could be common to 
many users (column 7 lines 33-37), is encrypted with a multipurpose data string (column 
4 lines 35-41 , column 5 lines 33-37). Each multipurpose string is unique for a given 
user (column 3 lines 23-27), and therefore there are several multipurpose strings 
(several different data keys). Furthermore, since the private key or the security data 
could be common to many users (same security data), the same security data is 
encrypted and decrypted with one of many different multipurpose strings (any of said 
different data keys). The CPA also teaches that a combination of a user authorization 
process and any of several different data keys is needed to allow for retrieval and 
decoding of the same security data. As mentioned earlier, one of many different 
multipurpose strings is needed to decrypt (decode) the same security data. However, it 
is also disclosed in the CPA that the multipurpose string (data key) is not released to the 
computer unless a valid fingerprint is read (user authorization process is passed) 
(column 4 lines 26-34). Therefore, a fingerprint authorization is needed to retrieve the 
multipurpose string that is needed to decode the security data. In other words, a 
combination of a fingerprint authorization process and a multipurpose string is needed 
to retrieve and decode security data which can be common to more than one user. 
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Therefore, the rejection is respectfully maintained for the pending claims, and the 
rejection is presented below. 

Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 1 02 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1, 3-5, and 22-25 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Lockhart US (6,230272). 

Regarding claim 1: Lockhart discloses a method of securing security data stored on a 
computer system (see abstract) comprising the steps of: 

Providing one of several different data keys to the computer system; (Col 3, lines 
39-46); 

Transforming the security data with the data key in a reversible fashion to 
produce encoded secure data such that the data key is required in order to perform a 
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reverse transform and extract the security data from the encoded secure data; and (Col 
4, lines 35-43) 

storing the encoded secure data in a fashion such that a user authorization 
process is used to retrieve the encoded secure data such that the data key and the user 
authorization process in combination, provide access to the security data and such that 
the stored data within the computer system is encoded. (Col 4, lines 43-45 and Col 4, 
lines 59-65), 

wherein a same security data is encoded with several different data keys to 
provide different encoded secure data for each user authorization process such that a 
combination of user authorization using one of said user authorization processes and 
any of a plurality of data keys allows for retrieval and decoding of the same security 
data (Col 5, lines 22-32 and Col 5, lines 52-62). 

Regarding claim 3: Lockhart discloses the method of securing security data stored oh a 
computer system according to claim 1 , wherein each encoded secure data is associated 
with one or more user authorization processes such that a combination of one or more 
user authorization processes and any of said several different data keys allows for 
retrieval and decoding. (Col 6, lines 8-24 and Col 7, lines 22-27) 

Regarding claim 4: Lockhart discloses the method of securing security data stored on a 
computer system according to claim 1 , wherein the user authorization process is a 
biometric information verification process. (Col 3, lines 45-49) 
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Regarding claim 5: Lockhart discloses the method of securing security data stored on a 
computer system according to claim 1 , wherein the data keys include a password. ( Col 
4, lines 3-8). 

Regarding claim 22, Lockhart discloses: 

A computer system that secures security data stored therein, comprising: 

an input device that provides at least one of several different data keys to 
the computer system (Col 3, lines 39-46); 

a processing device that encodes a same security data with said several different 
data keys in a reversible fashion to produce different encoded secure data for each user 
authorization process such that respective ones of the several different data keys are 
required to perform a reverse transform and extract the security data from the encoded 
secure data (Col 4, lines 35-43); 

a memory device that stores the encoded stored data(Col 4, lines 35-43); and 

a user authorization process that retrieves the encoded secure data from the 
memory device such that at least one of the several different data keys and the user 
authorization process, in combination, provide access to the security data, wherein a 
combination of user authorization using said user authorization process and any of said 
several different data keys allows for retrieval and decoding of the same security data 
(Col 5, lines 22-32 and Col 5, lines 52-62). 
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Regarding claim 23, Lockhart discloses: 

A computer system according to claim 22, further comprising a plurality of 
authorization processes, wherein each encoded secure data is associated with one or 
more user authorization processes such that a combination of one or more user 
authorization processes and any of said several different data keys allows for retrieval 
and decoding of the security data (Col 6, lines 8-24 and Col 7, lines 22-27). 

Regarding claim 24, Lockhart discloses: 

A computer system according to claim 22, wherein the user authorization 
process is a biometric information verification process (Col 3, lines 45-49). 

Regarding claim 25, Lockhart discloses: 

A computer system according to claim 22, wherein the data keys include a 
password (column 6 lines 28-41). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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3. Claims 6-10, 13-15, and 18-21, 26-30, 33-3, and 37-39 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Lockhart et al. (U.S. Patent 6,230,272) in 
view of Bjorn (U.S. Patent 6,035,398). 

Regarding claims 6,13,19, 26, 33, and 38 Lockhart discloses: 

A method of securing security data stored on a computer system comprising: 

providing a biometric information source ( Col 5, lines 61-64) and comparing the 
biometric information source against stored templates associated with the biometric 
information source;( Col 5, lines 64-68) and for, in dependence upon a comparison 
result pairing biometric information source with a first individual identity;( Col 6, lines 1- 

providing one of several different data keys associated with the first individual 
identity (Col 3, lines 39-46) the one data key being other than stored on the computer 
system (Col 3, lines 39-46)); 

retrieving encoded security data associated with the information, and using the 
one data key for decoding the encoded security data. (Col 4, lines 43-45 and Col 4, 
lines 59-65), 

wherein a same security data is encoded with several different data keys to 
provide different encoded secure data for each user authorization process such that a 
combination of user authorization and any of a plurality of data keys allows for retrieval 
and decoding (Col 5, lines 22-32 and Col 5, lines 52-62). 
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Lockhart does not explicitly disclose providing a biometric information source and 
comparing the biometric information source against stored templates associated with 
the biometric information source and for, in dependence upon a comparison result 
pairing biometric information source with a first individual identity. Bjorn teaches 
providing a biometric information source (Col 5, lines 61-64) and comparing the 
biometric information source against stored templates associated with the biometric 
information source;( Col 5, lines 64-68) and for, in dependence upon a comparison 
result pairing biometric information source with a first individual identity;( Col 6, lines 1- 
3). Lockhart and Bjorn are analogous arts as both are directed towards generating keys 
that are used to secure information. Furthermore, Lockhart anticipated the use of 
biometrics such as a fingerprint reader to identify the user. It would have been obvious 
to use a biometric source and comparing the biometric identity because using a 
biometric to create a key because it provides "a secure cryptographic key that is easily 
usable by the user, but not accessible to third parties." 

Regarding claims 7, 18, and 27 Lockhart discloses: 

A method of securing security data stored on a computer system according to 
claim 6, wherein the decoded security data is for performing at least one of encrypting 
and decrypting data on the computer system (Col 6, lines 8-24 and Col 7, lines 22-27). 
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Regarding claims 8 and 28: A method of securing security data stored on a computer 
system according to claim 6, wherein the decoded security data is for allowing access of 
the data to the identified individual, (column 7 lines 1-20). 

Regarding claims 9 and 29, Lockhart does not explicitly disclose that the step of 
accepting the biometric source is using a contact imager. Bjorn discloses a method of 
securing security data stored on a computer system according to claim 6, wherein the 
step of accepting biometric information source comprises imaging the biometric 
information source using a contact imager. (Col 3, lines 4-11 and Col 4, lines 4-11). 
Lockhart and Bjorn are analogous arts as both are directed towards generating keys 
that are used to secure information. Furthermore, Lockhart anticipated the use of 
biometrics such as a fingerprint reader to identify the user. It would have been obvious 
to use a biometric source and comparing the biometric identity because using a 
biometric to create a key because it provides "a secure cryptographic key that is easily 
usable by the user, but not accessible to third parties." 

Regarding claims 10 and 30, Lockhart does not explicitly disclose that the contact 
imager is a fingerprint imager. However, Bjorn discloses a method of securing security 
data stored on a computer system according to claim 9, wherein the contact imager is a 
fingerprint imager (Col 3, lines 4-1 1 and Col 4, lines 4-11). Lockhart and Bjorn are 
analogous arts as both are directed towards generating keys that are used to secure 
information. Furthermore, Lockhart anticipated the use of biometrics such as a 
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fingerprint reader to identify the user. It would have been obvious to use a biometric 
source and comparing the biometric identity because using a biometric to create a key 
because it provides "a secure cryptographic key that is easily usable by the user, but 
not accessible to third parties." 

Regarding claims 14, 21, and 34, Lockhart does not disclose hashing the first 
information sample to produce a first hash value. However, Bjorn discloses the method 
of securing data as defined in claim 13, wherein the step of providing a. first information 
sample to a computer system comprises: hashing the first information sample to 
produce a first hash value (Col 3, lines 44-59). Lockhart and Bjorn are analogous arts 
as both are directed towards generating keys that are used to secure information. 
Furthermore, Lockhart anticipated the use of biometrics such as a fingerprint reader to 
identify the user. It would have been obvious to use a biometric source and comparing 
the biometric identity because using a biometric to create a key because it provides "a 
secure cryptographic key that is easily usable by the user, but not accessible to third 
parties." 

Regarding claim 15, Lockhart does not disclose providing a second information sample, 
hashing the second information sample, and encoding the key data, and securing the 
second security data. Bjorn discloses the method of securing data comprising: 



Application/Control Number: 10/067,403 Page 12 

Art Unit: 2131 

providing a second other information sample to the computer system;(Col 3, lines 

28-36) 

hashing the second information sample to produce a second hash value; (Col 3, 
lines 44-46) 

encoding the key data in dependence upon the second hash value to produce 
second security data; and ( Col 3, lines 54-65) 

securing the second security data in dependence upon at least one of the at least 
one biometric information sample. ( Col 4, lines 8-20). 

Lockhart and Bjorn are analogous arts as both are directed towards generating keys 
that are used to secure information. Furthermore, Lockhart anticipated the use of 
biometrics such as a fingerprint reader to identify the user. It would have been obvious 
to use a biometric source and comparing the biometric identity because using a 
biometric to create a key because it provides "a secure cryptographic key that is easily 
usable by the user, but not accessible to third parties." 

Regarding claims 20 and 39, Lockhart does not explicitly disclose the providing a first 
information sample and comparing the decoded biometric sample against stored 
templates. Bjorn discloses the method of securing data according to claim 19, 
comprises the steps of: providing a first information sample to a computer system for 
decoding the encoded biometric sample; (Col 4, lines 60-63 and item 340 of FIG. 3) and 
comparing the decoded biometric sample against stored templates associated with the 
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biometric information source. (Col 4, lines 64-67 and item 345 of FIG. 3). Lockhart and 
Bjorn are analogous arts as both are directed towards generating keys that are used to 
secure information. Furthermore, Lockhart anticipated the use of biometrics such as a 
fingerprint reader to identify the user. It would have been obvious to use a biometric 
source and comparing the biometric identity because using a biometric to create a key 
because it provides "a secure cryptographic key that is easily usable by the user, but 
not accessible to third parties." 

Regarding claim 37, Lockhart discloses: 

A computer system according to claim 33, wherein the encoding means encrypts 
data using the key data (column 6 lines 33-41). 

3. Claims 11,12,16, 17, 31-32, and 35-38 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Lockhart et al. (U.S. Patent 6,230,272) in view of Bjorn US 
(6,035,398) in further in view of Gressel US (6,31 1 ,272). 

Regarding claims 1 1,16, 31 , and 35 Lockhart and Bjorn disclose the method of securing 
security data stored on a computer system according to claim 6, wherein the step of 
providing the data key comprises the step of providing a public/private key pair (Col 8, 
lines 54-61) but he doesn't explicitly disclose the step of providing the data key 
comprises the step of providing. However, Gressel discloses a biometric authentication 
system where he teaches the using of a password or a shared secret to retrieve and 
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decrypt decryption key stored on memory using biometric techniques ( Col 5, lines 56- 
65) . Therefore it would have been obvious to one ordinary skilled in the art at the time 
the invention was made to modify Bjorn system with the teachings of Gressel to include 
provide a password through the authentication process. One would be motivated to do 
so in order to enable the system to provide the decryption key to the user by 
authenticating the user using a password or PIN that is usually easier for the user to 
remember and keeping the decryption key in a secure area. 

Regarding claims 12, 17, 32, and 36, Lockhart and Bjorn disclose the method of 
securing security data stored on a computer system according to claim 6, wherein the 
step of providing the data key comprises the step of providing information stored on a 
database but he doesn't explicitly disclose the step of providing the data key comprises 
the step of providing information stored on smart card. However, Gressel discloses a 
biometric authentication system where he teaches storing decryption key on a smart 
card and using a shared key to retrieve and decrypt decryption key stored on the smart 
card (Col 3, Lines 50-55 and Col 8, lines 28-38). Therefore it would have been obvious 
to one ordinary skilled in the art at the time the invention was made to modify Bjorn 
invention with the teachings of Gressel to provide a data key stored the smart card. One 
would be motivated to do so in order to eliminate any possibility of the decryption key 
being compromised during operation and to provide higher degree of security against 
physical attacks. Additionally using the smart card enables the system to provide a 
higher degree of mobility for the users. 
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Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kaveh Abrishamkar whose telephone number is 571- 
272-3786. The examiner can normally be reached on Monday thru Friday 8-5. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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